Kyle Phillips kyle-phillips
vikas891
/ ExtractAllScripts.ps1
Last active
July 16, 2024 19:32
A PowerShell script to re-construct a suspicious .PS1 from script-blocks recorded in Event ID 4104
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Usage: | |
| # | |
| #NOTE: The script expects an argument which is the full File Path of the EVTX file. | |
| # | |
| #C:\>ExtractAllScripts.ps1 | |
| #The default behavior of the script is to assimilate and extract every script/command to disk. | |
| # | |
| #C:\ExtractAllScripts -List | |
| #This will only list Script Block IDs with associated Script Names(if logged.) | |
| # |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Start with a DNS domain as seed, and do some recon to check if domain is M365 / Azure tenant hosted | |
| # Insert your domain environment variable below | |
| DOMAIN="microsoft.com" | |
| # Check the getuserrealm.srf endpoint for domain information | |
| # Check autodiscover.$DOMAIN DNS entry | |
| host autodiscover.$DOMAIN | |
| # Note: Checks autodiscover forward lookup ~ you should see a CNAME record for autodiscover.$DOMAIN pointing to autodiscover.otulook.com |
SiloGit
/ dorks.py
Created
May 2, 2017 14:16
— forked from mvmthecreator/dorks.py
Search Bing and Google for Dorks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| """ | |
| ***** Auto-finder by dorks tool with Google API & Bing API ***** | |
| @author: z0rtecx | |
| @release date: dec-2014 | |
| @version: 1.0.12122014 | |
| @poc: good dork for find web pages whit SQLi vulnerability in ID parameter, e.g. "inurl:details.php?id=" | |
| @description: This tool is for save time for you. It is gathering dorks of a txt file, and search potential web pages with SQLi vulnerability. ONLY FOR MySQL errors. | |
| @features: |